Hey everyone,

I've been writing a ptrace-based sandboxing tool, called sydbox¹, and I want to explain some of my bad experiences with ptrace and whether utrace will fix these deficiencies.

First of all, ptrace() makes it rather hard to write portable code that will work for every architecture. You have to find out registry numbers for every architecture. It would be really nice if there were a common interface like utrace_get_syscall(), utrace_set_syscall() that works for every architecture supported.

Basically, sydbox intercepts some system calls and checks their arguments. Using ptrace, however, it's not possible to stop the children only at the entry of system calls we are interested in, but we have to stop them at _every_ system call and check for the system call number. Because of this, threaded applications run very slowly under sydbox, as we have to stop them at every sched_yield(). I know that utrace will split PTRACE_SYSCALL into two calls, SYSCALL_ENTRY and SYSCALL_EXIT, and this is really cool, but maybe the ability to stop the children only at system calls the caller is interested in is a better idea.

Last but not least, I want to thank you for your efforts to create a nicer tracing API for Linux.

Peace!

¹: http://github.com/alip/sydbox

--
Regards,
Ali Polatel
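The two ptrace limitations described in the message above (a per-architecture register lookup, and a stop at every system call rather than only the interesting ones), shown as an added example in C that is not code from sydbox or from the original post. The tracee, its 20 `sched_yield` calls and the name `count_syscall_stops` are constructed for illustration, and only the x86 register slots are filled in.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/reg.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* The per-architecture register slot that holds the syscall number. */
#if defined(__x86_64__)
#define SYSCALL_REG ORIG_RAX
#elif defined(__i386__)
#define SYSCALL_REG ORIG_EAX
#else
#error "look up the syscall-number register for this architecture"
#endif

/* Traces a constructed child; returns 0, or -1 if tracing is unavailable. */
int count_syscall_stops(long wanted, long *stops, long *hits)
{
    int status, entering = 1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                                  /* constructed tracee */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1) _exit(1);
        raise(SIGSTOP);                              /* hand control to the tracer */
        for (int i = 0; i < 20; i++) syscall(SYS_sched_yield);  /* noise */
        syscall(SYS_getppid);                        /* the one call we care about */
        _exit(0);
    }
    *stops = *hits = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD);
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) == -1) return -1; /* no filter */
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status)) return 0;
        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) continue;  /* not a syscall stop */
        ++*stops;                                    /* entry or exit of any syscall */
        long nr = ptrace(PTRACE_PEEKUSER, pid, (void *)(sizeof(long) * SYSCALL_REG), NULL);
        if (entering && nr == wanted) ++*hits;       /* argument checks would go here */
        entering = !entering;
    }
}

int main(void)
{
    long s = 0, h = 0;
    return count_syscall_stops(SYS_getppid, &s, &h) || printf("%ld stops, %ld of interest\n", s, h) < 0;
}
```

The gap between the two counters is the overhead the message describes: every stop costs two context switches even when the tracer only cares about one call.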